NatWest Implements Behavioral Biometrics for Online Banking

A top UK bank is rolling out behavioral biometrics to secure online transactions.

NatWest, which serves more than 14 million customers in the UK, has been trialing BioCatch technology within Coutts and with some business customers, and plans to pilot the technology with personal banking customers later in 2017.

The bank is using the technology to stop fraudulent attempts to transfer funds, identify remote access Trojans during an online session, and identify fraud attempts occurring across multiple channels (i.e., online and mobile).

BioCatch’s system captures more than 500 points of behavior such as hand-eye coordination, pressure, hand tremors, navigation, scrolling and other finger movements amongst other things to create a unique user profile. Via continuous authentication, it is also able to recognize anomalies in behaviors from the point of login and throughout the entire session. This allows BioCatch to distinguish the normal human behavior of an authorized user from that of an unauthorized user, as well as to recognize automated BOTs, RATS, malware and other malicious account takeover attacks, where the victim is typically unaware that their banking session has been hacked.

“The technology that we’ve been able to deploy with the help of BioCatch has played a crucial role in strengthening our security systems,” said Simon McNamara, chief administrative officer of NatWest. “The breadth of behavioral biometrics that BioCatch technology can monitor is really impressive and we’ve already seen many examples of it alerting us to suspicious activity and protecting our customers from fraud.”

Eyal Goldwerger, BioCatch CEO, added, “With 48% of data security breaches across the financial services industry involving compromised web applications, the importance of validating a user not only at login but throughout a session as a way to prevent fraud, has taken on increasing urgency. At the same time, today’s leading banks, such as NatWest, are also extremely mindful that injecting additional security measures must be balanced with maintaining a seamless customer experience, whether online or mobile.”

The service, which will go live soon across 12 markets including the UK, Spain, Sweden, Germany and the Netherlands, uses facial biometrics to verify a user’s identity, meaning they don’t have to remember yet another password to complete a transaction.